Skills

saas-session-recon

Installation
SKILL.md

SaaS Session Recon

Validate whether a specific SaaS platform's APIs accept browser session cookies for programmatic access. This determines if a Chrome extension can act as an invisible API proxy using the user's existing authenticated session.

Why this matters: Enterprise SaaS platforms gate OAuth/app installation behind IT admin approval. If the platform's APIs accept session cookies, a Chrome extension service worker can make fetch() calls with credentials: 'include' and the browser attaches cookies automatically — no admin approval needed.

Requirements

Requirement Type If unavailable
Chrome running + user logged into target platform Hard Stop. Ask user to open Chrome and log into the platform.
use-browser skill available (Claude in Chrome extension) Hard Fallback: use eng:browser with local browser mode (Playwright MCP Bridge).
Platform is one of the known platforms Adaptable Proceed with generic discovery workflow (skip platform-specific priors).

Browser Tool Surface

This skill uses use-browser tools. Key tools for recon:

Installs
12
Repository
inkeep/team-skills
GitHub Stars
10
First Seen
Mar 6, 2026
Security Audits
Gen Agent Trust HubWarn
SocketPass
SnykFail
saas-session-recon — inkeep/team-skills